Azure Governance

Azure Governance is a portfolio of platform capabilities that helps customers address the need for control at scale without sacrificing developer agility. This includes services like Azure Policy, Azure Blueprints, Azure Resource Graph & Management Groups.

More details about the services are available in the Azure Governance documentation. If you have a technical issue, please open a post on the developer forums through Stack Overflow.

Products that we listen to in this space include: Azure Policy, Azure Blueprints, Azure Resource Graph, Azure Subscriptions and Azure Management Groups

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Azure Policy - Compliance Overview & Non-Compliant Resources Details

    On the "non-compliance resources" view and also the detailed "resource compliance" blade need to show more details on the policy rule that was not compliance (e.g. what field, expected values, actual values)

    For example, if I have a policy that checks for a tag existence, which has a parameter of tagName, then have an initiative which has that policy linked 4 times with different tagName parameters, you can't tell which is which or what the actual values of the resource evaluated were.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  2. Blueprints and ARM Complete mode

    Today, without the ability to specify complete mode deployments, we struggle undoing items from ARM templates. As blueprints change over time, would make our lives much easier if we didn't need to drop into Azure CLI or REST to undo changes

    https://github.com/neilpeterson/azure-blueprints-pipeline-tasks/issues/66

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  3. Allow for blueprint access on management groups without seeing all other subscriptions beneath it

    We want to give access to blueprints on management groups without the user seeing all other subscription below that management group.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  4. Grafana plugin for Resource Graph

    We love the Grafana plugins for Log Analytics, Appinsights, ADE. Can we see a plugin for Azure Resource Graph next?

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  5. Include expanded instance view information into virtual machines response

    It would be very useful to include properties.instanceView into base response for 'Microsoft.Compute/virtualMachines'. It's not efficient enough to get instance statuses for each machine in separate API call. Moreover I didn't find an ability to retrieve this property via GraphAPI at all.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  6. Support Optional Blueprint Parameters

    Currently, all Blueprint Parameters require a value to be entered. Please support optional parameters for Blueprints. There are numerous use cases for this:


    • Deploy a VM standalone or in an Availability Set.

    • Add additional tags to resources.

    • And so on...

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  7. Blueprint Parameters Validation

    Currently the only Blueprint Parameter validation properties that are accepted is "defaultValue" and "allowedValues". Please add the following that are supported by ARM Template Parameters and would provide a much better experience for an Blueprint Assigner:


    • minValue

    • maxValue

    • minLength

    • maxLength

    More information about the above properties can be found here: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-authoring-templates#parameters

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  8. Allow use of resourceGroup() functions within a resource group artifact

    When using an ARM template artifact within a resource group artifact, allow us to use the resourceGroup() functions, like respourceGroup().location. Currently, we receive the error: Error: 'The function 'resourceGroup' is not valid.'

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  9. Add Microsoft.Compute/Disks.managedby as a policy alias

    Please add Microsoft.Compute/Disks.managedby as a valid policy alias, in order to audit unattached disks as non-compliant resources

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  10. Azure Policy : Need to see compliant ressources (not only not-compliant)

    HI,

    When setting up Azure Policy, compliant policy just display non-compliant ressources.

    It could be give some confusion for Policy Manager if our custom policy is really working. Best way that I found, is to create a new ressource without attended settings, then check later (if audit mode) if this ressources is show as non compliant, then change the settings for check if now I've 0 non-compliant ressources.

    For to be more quick in deploying azure policy rules, just a tab for show all compliant ressources, could be useful.

    Extra question : when having not conpliant based on field, to…

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  11. Allow assign Azure policies on all subscription under EA portal

    Now policies can be assigned on a subscription/resource group/resources level.
    But my customer want to assign policies once on all subscriptions under EA portal or at least on department level

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  12. I want to prevent a single person being able to delete resources or resource groups without a second person having approved the change.

    I was wondering if it possible to have some kind of workflow for managing resources in Microsoft Azure. My goal is to have two persons having to agree on certain actions in Resource Manager. I want to prevent a single person being able to delete resources or resource groups without a second person having approved the change.

    Is it possible to have something like this in Azure?

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  13. Ability to query budget and forecast in Azure Resource Graph

    Please add the ability to query budget and forecast in Azure Resource Graph. This will allow the creation of dynamic and filterable cost management dashboards

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  14. Improve CIS Blueprints for subnet NSGs and/or clarify documentation

    CIS Blueprint policy says subnet does not have an NSG, but the portal and az CLI say it does. The policy definition refers to Microsoft.Security/complianceResults and networkSecurityGroupsOnSubnets which are not documented.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  15. Include core counts for VMs for the purpose of cross-joins with other data

    It would be great to have some of other meta data exposed within Resource Graph. More specifically a way to get the number of cores that a VM size has. This would be valuable for queries to show the total number of cores that are used. Right now, we have to export out the results of the Resource Graph and convert the VM SKU to the number of cores outside of Resource Graph. Having it within the Resource Graph would allow us to do joins within our queries to get a single report with all of the information that we…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  16. Create additional policy condition of 'inCaseSensitive' to validate case-senstive match in the Array

    Request to have the policy condition similar to 'in' for an Array to have an additional policy condition of 'inCaseSensitive' (or similar) to validate the value in the array is an exact, case-sensitive match.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  17. Exclude resource groups and/or resources when deploying a blueprint like you can with policy assignments under policy.

    Exclude resource groups and/or resources when deploying a blueprint like you can with policy assignments under policy.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  18. Make tag-values immutable (perhaps via Blueprint Locks)

    We are using tags a lot to organize our ressources. That's why we have some hundred values for one key.
    as deployers tend to do mistakes like typos we would be glad if tag-values could be predeployed and afterwards made immutable e.g. by using a blueprint and locking them. Another approach for the source of truth could be a storage table, or database.
    Like that no addition, duplicates, typos etc. could be created.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  19. Support conditions on artifact level

    It would be very nice when conditions attribute can be set on a artifact like it could on resources in an ARM template. So it would be possible to deploy or not deploy artifacts based on parameter inputs or outputs from an ARM.
    Example use case:
    Blueprint creates a vNet and an AKS cluster. Then you configure an ingress controller on AKS and after that a new NSG should be deployed which locks down the vNet so only the LB of the Ingress Controller is reachable. This can be done by update the blueprint assignment and specify a parameter like…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  20. Ability to query for custom role definitions in Azure Resource Graph

    Please add support for listing all custom role definitions

    Resource Type: Microsoft.Authorization/roleDefinitions

    https://docs.microsoft.com/en-us/azure/templates/microsoft.authorization/2017-09-01/roledefinitions

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base